Difference between revisions of "Cool Solution - Setting up Zimbra with LDAP authentication"

From Univention Wiki

(Updated for UCS 4.3 and 4.4)
Tag: Replaced
(20 intermediate revisions by 4 users not shown)
This Cool Solution has been discontinued in favor of the [https://www.univention.com/products/univention-app-center/app-catalog/zimbra/ Connector for Zimbra] in our App Center.
Zimbra ships all the services it needs and updates them during a regular Zimbra update. To simplify matters, these shipped services will be used in a 64-bit UCS Memberserver installation. Later on, the authentication against the DC Master using LDAP will be described. If required, Univention can provide support for replicating user data.
== Installing Zimbra ==
First, the latest version of Zimbra must be downloaded. At the time of writing, the latest version is from August 4th, 2011. Zimbra will be installed in /opt:
 cd /opt
 wget http://files2.zimbra.com/downloads/7.1.2_GA/zcs-7.1.2_GA_3268.DEBIAN5_64.20110804120420.tgz
 tar -xzf zcs-7.1.2_GA_3268.DEBIAN5_64.20110804120420.tgz
 cd zcs-7.1.2_GA_3268.DEBIAN5_64.20110804120420/
Next, the Apache web server and Postfix must be stopped and configured so that neither service starts automatically when the system boots.
 /etc/init.d/apache2 stop
 ucr set apache2/autostart=no
 /etc/init.d/postfix stop
 ucr set postfix/autostart=no
To satisfy all needed dependencies, the UCS unmaintained repository must be activated and the dependencies installed:
 ucr set repository/online/unmaintained=yes
 univention-install libidn11 curl fetchmail libgmp3c2 sysstat sqlite3
The interactive installation can now be started. Some options can be changed during the installation, but the default settings are mostly appropriate.
The installation script may fail to find the MX record. This step can be skipped by pressing '''n''' on the keyboard. When the installation is finished, the administrator's password must be entered.
To start the Zimbra service automatically when booting the system, it must be configured to do so:
 update-rc.d zimbra defaults
Since Zimbra's LDAP libraries conflict with the LDAP libraries shipped with UCS, the global path for LDAP libraries must be altered. Open the file '''/etc/univention/templates/files/etc/profile''' with an editor and add the following line:
 export LD_LIBRARY_PATH="/usr/lib"
For the change to take effect, the file must be rewritten:
 ucr commit /etc/profile
'''WARNING:''' Updating the server can revert these changes. If this is the case, the changes need to be made again!
Finally, restart your server:
== Accessing Zimbra ==
Zimbra can be accessed by opening either of the following web addresses in your browser. At this time, a login is only possible as the administrative user. To log in, open one of the two addresses and log in as '''admin@<domain>''' with the password that was entered during the installation.
User login:
 http://<IP of Zimbra server>/
Administrative user login:
 http://<IP of Zimbra server>:7071
== Configuration to use an external LDAP service ==
By default, Zimbra uses its own LDAP server. However, it is possible to configure Zimbra to use an external LDAP service. It is important that in both LDAP directories the usernames are identical. During login, Zimbra tries to authenticate the user against the external LDAP service. If the authentication is successful, the user is considered as authenticated and can use Zimbra. When the LDAP authentication is properly configured, Zimbra will only authenticate against the external LDAP service and not its own.
To configure Zimbra to use an external LDAP service, log in as an administrative user and navigate to the administration page. Open the configuration page by navigating to '''Configuration''' -> '''Domains'''. Click on the button "Configure Authentication", located at the upper part of the page. A configuration wizard will open and the settings can now be edited (assuming the domain is ucs.test):
 Authentication Mechanism: External LDAP
 LDAP URL: ldap://<FQDN of the master>:389
 LDAP-Filter: (uid=%u)
 LDAP-Search-Base: dc=ucs,dc=test
 Use DN/Password to bind to external Server: Yes
 Bind DN:
=== Synching user data ===
In order for the LDAP authentication against an external LDAP service to be successful, the usernames in both LDAP directories must be identical.
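The requirement that usernames match in both directories can be checked before external LDAP authentication is switched on. The following is an added example, not part of the original wiki page or of Univention's or Zimbra's code: it assumes the Zimbra account list is one address per line (as <code>zmprov -l gaa</code> prints) and the UCS side is LDIF containing <code>uid</code> attributes (as <code>ldapsearch</code> prints). The function names and the sample data are constructed for illustration.

```python
import base64

def zimbra_local_parts(account_list, domain):
    """Local parts of the addresses in `domain`, one address per input line."""
    names = set()
    for line in account_list.splitlines():
        local, sep, dom = line.strip().rpartition("@")
        if sep and local and dom.lower() == domain.lower():
            names.add(local)
    return names

def ldif_uids(ldif_text):
    """uid values from LDIF, including base64-encoded ('uid:: ') values."""
    uids = set()
    for line in ldif_text.splitlines():
        if line.startswith("uid:: "):
            uids.add(base64.b64decode(line[6:]).decode("utf-8"))
        elif line.startswith("uid: "):
            uids.add(line[5:].strip())
    return uids

def compare(zimbra_names, ucs_uids):
    """Classify names by whether the same login name exists on both sides."""
    ucs_by_lower = {u.lower(): u for u in ucs_uids}
    zimbra_lower = {z.lower() for z in zimbra_names}
    return {
        # Zimbra accounts with no UCS user: nothing to authenticate against.
        "zimbra_only": sorted(z for z in zimbra_names if z.lower() not in ucs_by_lower),
        # Same name apart from upper/lower case: not identical, review manually.
        "case_differs": sorted((z, ucs_by_lower[z.lower()]) for z in zimbra_names
                               if z not in ucs_uids and z.lower() in ucs_by_lower),
        # UCS users for whom no Zimbra account exists.
        "ucs_only": sorted(u for u in ucs_uids if u.lower() not in zimbra_lower),
    }

# Constructed sample data for the page's example domain ucs.test.
SAMPLE_ZIMBRA = "admin@ucs.test\nanna@ucs.test\nbmeier@ucs.test\nguest@other.test\n"
SAMPLE_LDIF = """dn: uid=anna,cn=users,dc=ucs,dc=test
uid: anna

dn: uid=BMeier,cn=users,dc=ucs,dc=test
uid: BMeier

dn: uid=carl,cn=users,dc=ucs,dc=test
uid:: Y2FybA==
"""

if __name__ == "__main__":
    report = compare(zimbra_local_parts(SAMPLE_ZIMBRA, "ucs.test"), ldif_uids(SAMPLE_LDIF))
    for kind, names in report.items():
        print(kind, names)
```

Any name reported under <code>zimbra_only</code> or <code>case_differs</code> should be resolved in one of the two directories before the domain is switched to external LDAP.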
== System mails ==
In order to receive system mails, like those generated by cronjobs, it is necessary to set root@<server fqdn> and root@<maildomain> as aliases in the Zimbra administration page.

Latest revision as of 16:02, 22 May 2019

This Cool Solution has been discontinued in favor of the Connector for Zimbra in our App Center.
